CVE-2026-54011

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6,Open WebUI renders Mermaid blocks from Markdown files in the file preview panel and inserts the generated SVG into the DOM using innerHTML. Because Mermaid is configured with...

CVE-2026-54011 Open WebUI: Stored XSS in Mermaid Markdown Preview

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6,Open WebUI renders Mermaid blocks from Markdown files in the file preview panel and inserts the generated SVG into the DOM using innerHTML. Because Mermaid is configured with...

CVE-2026-41149

Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Versions 10.9.5 and earlier, as well as 11.0.0-alpha.1 through 11.14.0, are vulnerable to HTML injection under the default configuration. Specifically, the classDef directive in Mermaid state...

Arbitrary Code Injection

Overview org.webjars.npm:mermaid is a package for generation of diagrams and flowcharts from text in a similar manner as markdown. Affected versions of this package are vulnerable to Arbitrary Code Injection due to improper sanitization of configuration options such as fontFamily, themeCSS, and...

Arbitrary Code Injection

Overview mermaid is a package for generation of diagrams and flowcharts from text in a similar manner as markdown. Affected versions of this package are vulnerable to Arbitrary Code Injection due to improper sanitization of configuration options such as fontFamily, themeCSS, and altFontFamily. An...

Mermaid: Improper sanitization of `classDef` in state diagrams leads to HTML injection

Impact Under the default configuration, Mermaid state diagram's classDef allow DOM injection that escapes the SVG, although tags are removed, preventing XSS. Proof-of-concept stateDiagram-v2 classDef xss...

Arbitrary Code Injection

Overview org.webjars.npm:mermaid is a package for generation of diagrams and flowcharts from text in a similar manner as markdown. Affected versions of this package are vulnerable to Arbitrary Code Injection due to improper sanitization of input passed to the addStyleClass function. An attacker c...

Arbitrary Code Injection

Overview mermaid is a package for generation of diagrams and flowcharts from text in a similar manner as markdown. Affected versions of this package are vulnerable to Arbitrary Code Injection due to improper sanitization of input passed to the addStyleClass function. An attacker can inject...

PT-2026-39886

Name of the Vulnerable Software and Affected Versions Mermaid versions prior to 10.9.6 Mermaid versions 11.0.0-alpha.1 through 11.14.0 Description Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Under the default configuration, the classDef...

CVE-2026-43862

A flaw was found in mutt, an email client. The imapauthgss security level, which is used for secure IMAP Internet Message Access Protocol authentication, is mishandled. This vulnerability could allow an attacker to bypass certain security protections, potentially leading to a low impact on data...

SUSE CVE-2026-43862

In mutt before 2.3.2, the imapauthgss security level is mishandled...

UBUNTU-CVE-2026-43862

In mutt before 2.3.2, the imapauthgss security level is mishandled...

EUVD-2026-26900

In mutt before 2.3.2, the imapauthgss security level is mishandled...

CVE-2026-43862

In mutt before 2.3.2, the imapauthgss security level is mishandled...

CVE-2026-43862

In mutt before 2.3.2, the imapauthgss security level is mishandled...

CVE-2026-43862

In mutt before 2.3.2, the imapauthgss security level is mishandled...

CVE-2026-43862

CVE-2026-43862 concerns mutt prior to 2.3.2, where the imap_auth_gss security level is mishandled. Affected software: mutt (before 2.3.2). Root cause: mishandling of the imap_auth_gss security level. Impact (per CVSS): low overall impact (Confidentiality: None, Integrity: Low, Availability: None)...

PT-2026-36775

Name of the Vulnerable Software and Affected Versions mutt versions prior to 2.3.2 Description The imap auth gss security level is mishandled. Recommendations Update to version 2.3.2...

Linux Distros Unpatched Vulnerability : CVE-2026-43862

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In mutt before 2.3.2, the imapauthgss security level is mishandled. CVE-2026-43862 Note that Nessus relies on the presence of the package as reported by the...

CVE-2026-39678

Missing Authorization vulnerability in DOTonPAPER Pinpoint Booking System booking-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pinpoint Booking System: from n/a through = 2.9.9.6.5...